zkLend, a decentralized money-lending platform on the Starknet blockchain, was the victim of a major exploit, with the hacker draining $9.5 million in crypto assets.
Blockchain security company Cyvers confirmed that the stolen funds had initially been bridged to Ethereum and channeled through the privacy protocol Railgun.
The funds were then redirected to the original address due to internal protocol policies, Cyvers said on Monday.
Following the incident, zkLend paused withdrawals and advised users to hold off on depositing or repaying loans while it investigated the incident.
The breach has raised alarm bells in the DeFi space, as it is part of the sector's growing security problems. Cybercriminals have already stolen more than $110 million from blockchain projects this year, according to DefiLlama data.
zkLend contacted the hacker with an on-chain message offering a 10% “white hat” bounty in exchange for the return of the remaining funds, 3,300 ETH (about $8.78 million).
“Upon receipt of the transfer, we agree to release any responsibility concerning the attack,” the platform said.
zkLend set a strict deadline of February 14 for the hacker to comply, warning that legal action would be taken if the funds were not returned.
The lending platform said it was already working with law enforcement and several security companies, including StarkWare, Starknet Foundation and Binance Security, to trace the stolen funds and catch the hacker.
“It was one of the biggest hacks on Starknet, if not the biggest, in recent years,” Preetam Rao, CEO and co-founder of the web security company QuillAudits, told Decrypt. “Good to see zkLend is transparent throughout the situation and also offered the hacker a bounty.”
“The root cause of the hack does not seem to be in the proofs, but rather in the contract logic,” said Rao, noting that his team is examining the incident to prevent similar problems in other protocols.
Speaking to Decrypt, Meir Dolev, co-founder and CTO of Cyvers, noted: “This incident highlights the security risks in DeFi lending and raises concerns about the security of protocols on Starknet's zero-knowledge rollup infrastructure.”
Unlike traditional coin mixers such as Tornado Cash, which pool and redistribute funds to obscure their origin, the zkLend hackers used Railgun, which integrates privacy features directly into DeFi applications, guaranteeing the anonymity of all users interacting with the blockchain.
“We are committed to total transparency and share a complete post mortem analysis from its end,” tweeted the team, urging users to remain patient while it works on the incident.
At the Web3 Summit 2024, Immunefi founder Mitchell Amador shared his thoughts with Decrypt, calling DeFi hacking “an infinitely durable and viable company.” But he added that the crypto space is becoming “undoubtedly” safer.
DeFi hackers, he said, “sought more than ever damage-and their skills are also applicable in a number of different areas.”
Edited by Stacy Elliott.